From WVEC/13 News:
A computer network security breach on May 6th allowed a student access to confidential student information. School officials say that a glitch in the system allowed the access, and it’s been fixed.
Officials say the student accessed names, addresses, birthdays, social security numbers and more, all sitting at a library computer at Ocean Lakes High School.
The school says that the student did not hack into the computer, but was able to look at temporary files that should have been secure using his student ID.
[….]
The student was only caught when he tried to print the information.
Student information at 22 schools was compromised, and though officials aren’t sure why the student wanted the information, they sent a letter home to parents urging them to monitor their children’s credit reports.
Because no hacking was involved the student will not face felony charges. Police are looking into misdemeanor charges.
Misdemeanor charges? They left data exposed and they’re thinking about charging the student?
A listing of the 22 schools and a copy of the letter to parents has been posted to Virginia Beach City Public Schools web site. I noticed that the letter to parents describes the student as having engaged in unauthorized access. Were the files marked “authorized personnel only” or was a password required that he worked around? I suspect not. The letter does not inform the parents that it was a glitch in the school system’s security that seemingly allowed the students to access the sensitive information without hacking.